Cybersecurity Pros Discuss Privacy in Video Interview

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Jimmy H. Koo

May 9 — More than ever, companies need to be prepared to defend against data breaches, and the debate over consumer encryption of personal devices has significant implications for companies, according to cybersecurity professionals.

In video interviews with Bloomberg BNA, Symantec Corp. Vice President of Government Affairs and Cyber Policy Cheri F. McGuire and University of California Berkeley Center for Law & Technology Executive Director James Dempsey shared their insights into some of the major privacy and security issues we face today, including combating cybercrime.

Privacy and Data Security: Fighting Cybercrime

Data breaches dominated headlines in 2015, including hacking attacks at Premera Blue Cross (52 PRA, 3/18/15) and Anthem (25 PRA, 2/6/15); the Office of Personnel Management (132 PRA, 7/10/15); and Ashley Madison (161 PRA, 8/20/15). The breaches showed that cybercriminals don't discriminate among companies or industries.

Cybercrime is no different from regular crime and it can’t be completely eradicated, according to McGuire. However, there are safeguards that individuals and organizations should take, she said.

McGuire recommended that companies update security software; update and patch operating systems on a regular basis; use data loss prevention technology; use encryption technology; and apply multi-factor authentication.

Balancing Privacy With Security

Many consumers often unknowingly agree to ubiquitous collection of data by connected devices making up the Internet of things.

With “everything collecting data and being always on,” the consumer privacy notice and consent model is outdated, Dempsey, a member of the federal Privacy and Civil Liberties Oversight Board and former executive director of the Center for Democracy & Technology, said.

Cloud computing and the “relinquishment of physical control” over data have brought great benefits but the “network of networks is fundamentally insecure,” Dempsey said.

McGuire, however, said the volume of data moving to the cloud has, in some ways, made information easier to protect. Cloud service providers can place multiple layers of protection at one point, instead of trying to protect data that is spread out, she said. But the cloud service contract includes “data loss protection technology and encryption for the data,” both at-rest and in-transit, McGuire said.

The recent standoff between Apple Inc. and the Federal Bureau of Investigation over access to a terrorist’s iPhone hurled encryption to the forefront of the debate over balancing privacy and security (61 PRA, 3/30/16). But the debate over encryption isn’t really a privacy versus security debate, it is a “security versus security debate”—strong widely deployed default encryption versus widely deployed encryption with a government access option—Dempsey said.

“Strong encryption will mean, that there will be times that bad guys are communicating, and the government cannot listen in on the content of those communications,” he said. “It’s a nasty trade off but it’s unavoidable,” he said.

To contact the reporter on this story: Jimmy H. Koo in Washington at

To contact the editor responsible for this story: Donald G. Aplin at

For More Information

The video interviews are available at